[BlueOnyx:10842] ProFTPd TLSOptions (err 500)
Frank Peels
frank at peels.nl
Thu Jun 21 14:48:35 -05 2012
Hello forum,
I was having some errors (#500) in proftpd when I called it with implicit TLS from some MS Backuptool. The logs showed this:
Jun 17 11:37:10 mod_tls/2.4.3[11329]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 17 11:37:10 mod_tls/2.4.3[11329]: TLS/TLS-C requested, starting TLS handshake
Jun 17 11:37:11 mod_tls/2.4.3[11329]: TLSv1/SSLv3 connection accepted, using cipher AES256-SHA (256 bits)
Jun 17 11:37:11 mod_tls/2.4.3[11329]: Protection set to Private
Jun 17 11:37:12 mod_tls/2.4.3[11329]: starting TLS negotiation on data connection
Jun 17 11:37:12 mod_tls/2.4.3[11329]: TLSv1/SSLv3 renegotiation accepted, using cipher AES256-SHA (256 bits)
Jun 17 11:37:12 mod_tls/2.4.3[11329]: client did not reuse SSL session, rejecting data connection (see the NoSessionReuseReq$
Jun 17 11:37:12 mod_tls/2.4.3[11329]: unable to open data connection: TLS negotiation failed
So I googled a bit and found folks with similar problems, with a solution to edit the TLSOptions in /etc/proftpd.conf
# TLSOptions NoCertRequest
TLSOptions NoSessionReuseRequired
Now the end of the log changes to this:
Jun 17 12:22:45 mod_tls/2.4.3[20485]: TLSv1/SSLv3 renegotiation accepted, using cipher AES256-SHA (256 bits)
Jun 17 12:22:45 mod_tls/2.4.3[20485]: TLSv1/SSLv3 data connection accepted, using cipher AES256-SHA (256 bits)
Question: I doubt if it was secure what I did. Maybe a little less secure? Insights? It’s not really a BO-topic I know :-\
With regards,
Frank Peels
Amsterdam
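
Added example, not part of the original post: by default mod_tls requires the data connection to reuse the control connection's SSL session, which ties each transfer to the client that authenticated, and NoSessionReuseRequired switches that check off. The Python sketch below runs on constructed sample input modelled on the log and config above, counts data-connection outcomes per session, and flags an active TLSOptions line that disables the check; the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the log lines and config in the post.
SAMPLE_LOG = """\
Jun 17 11:37:11 mod_tls/2.4.3[11329]: Protection set to Private
Jun 17 11:37:12 mod_tls/2.4.3[11329]: starting TLS negotiation on data connection
Jun 17 11:37:12 mod_tls/2.4.3[11329]: client did not reuse SSL session, rejecting data connection
Jun 17 11:37:12 mod_tls/2.4.3[11329]: unable to open data connection: TLS negotiation failed
Jun 17 12:22:45 mod_tls/2.4.3[20485]: TLSv1/SSLv3 data connection accepted, using cipher AES256-SHA (256 bits)
"""
SAMPLE_CONF = """\
# TLSOptions NoCertRequest
TLSOptions NoSessionReuseRequired
"""

# Captures the per-session PID and the message text of a mod_tls log line.
LINE_RE = re.compile(r"mod_tls/[\d.]+\[(\d+)\]: (.*)$")


def data_channel_outcomes(log_text):
    """Map each mod_tls session PID to counts of data-connection outcomes."""
    out = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        stats = out.setdefault(pid, {"accepted": 0, "rejected_no_reuse": 0})
        if "client did not reuse SSL session" in msg:
            stats["rejected_no_reuse"] += 1
        elif "data connection accepted" in msg:
            stats["accepted"] += 1
    return out


def session_reuse_disabled(conf_text):
    """True if an uncommented TLSOptions line lists NoSessionReuseRequired."""
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if tokens and tokens[0].lower() == "tlsoptions":
            if "nosessionreuserequired" in (t.lower() for t in tokens[1:]):
                return True
    return False


if __name__ == "__main__":
    print(data_channel_outcomes(SAMPLE_LOG))
    print("reuse check disabled:", session_reuse_disabled(SAMPLE_CONF))
```
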